The Stack Archive

Chrome extension leaked personal data putting millions at risk

Wed 8 Apr 2015

Researchers have found a seemingly innocuous Google Chrome extension has been posing a significant security threat to millions of users.

IT security experts ScrapeSentry analysed a number of Chrome extensions and found that the popular add-on Webpage Screenshot was gathering personal information and sending it on to an IP address based in the United States.

The Swedish firm reported that the Webpage Screenshot extension had been downloaded over 1.2mn times, and that web users were unknowingly sharing their personal data to be used for illegal activity.

“We are in the business of detecting and blocking scrapers and bots that break the terms and conditions of use of our customers’ websites,” said ScrapeSentry founding partner Martin Zetterlund. “We recently identified an unusual pattern of traffic to one of our client’s sites which alerted our investigators that something was very wrong,” he continued.

After studying the software, the team discovered that the download contained malicious code which would have been capable of forwarding a user’s complete browsing history to an unknown third-party IP address. The company also believes that email and other documents could have been compromised.

“The repercussions of this could be quite major for the individuals who have downloaded the extension […] What happens to the personal data, and the motives for wanting it sent it to the U.S. server, is anyone’s guess, [but] it’s not going to be good news ,” said ScrapeSentry analyst Cristian Mariolini.

“If it’s not stopped the plugin may, at any given time, be updated with new malicious functionality. We would hope that Google will look into this security breach with some urgency,” Mariolini continued.

Google has started to improve its monitoring of software with malicious intent across its app and extension platforms. Earlier this month it confirmed that it was working to tackle ad-injecting malware and apps containing explicit materials. The search giant said that it had removed almost 200 deceptive extensions affecting Chrome users.

Security experts warn that these threats represent real risks as they seem harmless and are therefore easily misused. Mark James, analyst at security firm ESET, explained that this was the case with the Chrome extension: “The […] extension contains malicious code that has the ability to send all your browsing data to a single server in the U.S. Any information, including page titles, could be sent off without your knowledge.”

“Extensions can enhance our browsing experience but, like a lot of free software, we need to evaluate it and what it offers versus the risks of it being ‘free’,” he advised, adding that “even if it looks safe, if you give it permission to do something it may update itself at a later date to do something malicious and still have that authorisation.”


Google malware news security
Send us a correction about this article Send us a news tip